Contents tagged with Identity Integration

Last Thursday Microsoft unveiled its new strategy for enterprise security, called Business Ready Security. The strategy follows Microsoft's consolidation of security and identity into one division, and that consolidation now also shows in the extension of the Forefront label to the identity management products: the next version of Microsoft Identity Lifecycle Manager (ILM) is rebranded Forefront Identity Lifecycle Manager. JG Chirapurath, director of Microsoft's identity and security business group, said that from now on all of Microsoft's directory and security management products outside of Windows will be released under the Forefront label.

In the same announcement Microsoft also unveiled Beta 2 of the Stirling security suite. The suite includes several client, server and application security products, including Forefront Threat Management Gateway (formerly ISA Server), Forefront Client Security, Forefront Security for Exchange Server and Forefront Security for SharePoint, under a common management console.

Beta 2 of Stirling also includes Security Assessment Sharing (SAS), which gathers events from third-party products under the Forefront management console. Microsoft said it is fully aware that it cannot solve the security challenge by itself, and that 10 partners will announce integration with SAS: Juniper, TippingPoint, Brocade, RSA Security, Kaspersky, StillSecure, Imperva, Q1 Labs, Sourcefire and Guardium.

On Thursday Microsoft also announced its first security software-as-a-service offering, Forefront Online Security for Exchange, the first in a line of SaaS announcements coming out of the Forefront suite. Like its on-premises version, Forefront Online Security for Exchange filters messages using multiple scanning engines for virus and spam detection. While virus and spam detection runs in the cloud, user identities can remain on-premises in Active Directory alongside the organization's Exchange servers.

In my previous post I gave a very brief overview of the different components of the Microsoft Identity Lifecycle Manager "2" product. I provided an especially brief description of one of those components, the Microsoft Identity Lifecycle Manager Policy Service (ILM-PS). I would like to take some time to follow up on that post and provide a deeper description of the ILM-PS at this time. To do that let me start by taking a step back and discuss briefly some of the motivations behind adding this component in Microsoft Identity Lifecycle Manager "2".

Inclusion of the ILM-PS in the Microsoft Identity Lifecycle Manager "2" product is the realization of a concept that started with Microsoft Identity Lifecycle Manager 2007. Before Microsoft Identity Lifecycle Manager 2007, the Synchronization Engine component was the entirety of the product known as Microsoft Identity Integration Server (MIIS). MIIS was, and still is, fantastic at what it does: synchronize, provision, and deprovision data between heterogeneous data sources. However, the lifecycle of that data was managed outside the product, in the connected data stores themselves. In other words, the Synchronization Engine performed synchronization, provisioning, or deprovisioning actions only when data changed in an external store to which it was connected through a Management Agent (MA); it had no mechanism of its own to initiate a change, such as disabling an account once a contract end date has passed. Further, deploying and configuring the Synchronization Engine was a complex task that often required contracting experts, especially if an enterprise's deployment required the authoring of one or more custom MAs.

With the release of Microsoft Identity Lifecycle Manager 2007 the Synchronization Engine was joined by the Certificate Lifecycle Manager (CLM). CLM is the first step toward managing, inside the product, the lifecycle of the data that the Synchronization Engine synchronizes. Deployment and configuration of the Synchronization Engine remained mostly the same; however, the integration between the Synchronization Engine and CLM was improved with a custom MA that sits between the Synchronization Engine and the data store backing CLM. As a result, enterprises can use Microsoft Identity Lifecycle Manager 2007 as a complete solution for managing certificate-related data.

With the release of Microsoft Identity Lifecycle Manager "2" the Synchronization Engine and Certificate Lifecycle Manager (CLM) are joined by the Policy Service. The Policy Service extends the initial step taken by CLM, bringing management of the lifecycle of data synchronized by the Synchronization Engine into the Microsoft Identity Lifecycle Manager product itself. Like CLM, the data store backing the Policy Service is connected to the Synchronization Engine with a custom MA. Unlike CLM, however, the Policy Service does not manage one specific type of data: it introduces a platform for managing the lifecycle of any type of data, provided that data can be represented as a "Resource" within the Policy Service.
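As an added example, not code from MIIS, ILM "2" or the author of the post above: a metaverse rules extension for the Synchronization Engine, written against the Microsoft.MetadirectoryServices API in the C# 2.0 syntax of the Visual Studio 2005 era. It illustrates the behaviour described earlier: the engine calls Provision() only after an inbound change from some connected data source, so every decision about what that change should cause (create an account, disable it, never delete it) is policy that the extension has to encode itself, which is exactly the lifecycle logic the Policy Service later moves out of code. The MA name "Fabrikam AD MA", the target OU, the metaverse attributes employeeStatus, accountName and displayName, and "Active" as the HR status of a current employee are all assumptions.

```csharp
// Added example, not code from MIIS, ILM "2" or the post's author.
// Metaverse rules extension (Microsoft.MetadirectoryServices, C# 2.0 / Visual Studio 2005).
// Assumptions: an AD MA named "Fabrikam AD MA", the target OU below, metaverse attributes
// employeeStatus / accountName / displayName, and "Active" as the status of a current employee.
using System;
using System.Security.Cryptography;
using Microsoft.MetadirectoryServices;

public class MVExtensionObject : IMVSynchronization
{
    const string AdMaName = "Fabrikam AD MA";                 // hypothetical MA name
    const string UsersOu  = "OU=Users,DC=fabrikam,DC=com";    // hypothetical target container
    const long ADS_UF_ACCOUNTDISABLE = 0x0002;                // userAccountControl bits
    const long ADS_UF_NORMAL_ACCOUNT = 0x0200;

    public void Initialize() { }
    public void Terminate() { }

    // Invoked by the engine for a metaverse object only after an inbound change touched it.
    public void Provision(MVEntry mventry)
    {
        if (mventry.ObjectType != "person")
            return;

        ConnectedMA adMa = mventry.ConnectedMAs[AdMaName];
        bool active = mventry["employeeStatus"].IsPresent
                      && mventry["employeeStatus"].Value == "Active";

        if (adMa.Connectors.Count == 0)
        {
            // No AD account yet. Create one only for people HR says are active;
            // a departed person never gets an account just because an HR row exists.
            if (!active)
                return;

            CSEntry csentry = adMa.Connectors.StartNewConnector("user");
            csentry.DN = adMa.EscapeDNComponent("CN=" + mventry["displayName"].Value).Concat(UsersOu);
            csentry["sAMAccountName"].Value = mventry["accountName"].Value;
            csentry["userAccountControl"].IntegerValue = ADS_UF_NORMAL_ACCOUNT;
            // Random initial password (the AD MA exports unicodePwd only over an SSL connection
            // to the DC) and pwdLastSet = 0 so the user must replace it at first logon.
            csentry["unicodePwd"].Value = NewInitialPassword();
            csentry["pwdLastSet"].IntegerValue = 0;
            csentry.CommitNewConnector();
            return;
        }

        // Account exists: keep its enabled state in step with HR. Disable rather than delete on
        // departure so the SID, group memberships and audit trail survive for investigation.
        CSEntry existing = adMa.Connectors.ByIndex[0];
        long uac = existing["userAccountControl"].IsPresent
                   ? existing["userAccountControl"].IntegerValue
                   : ADS_UF_NORMAL_ACCOUNT;
        bool disabled = (uac & ADS_UF_ACCOUNTDISABLE) != 0;

        if (!active && !disabled)
            existing["userAccountControl"].IntegerValue = uac | ADS_UF_ACCOUNTDISABLE;
        else if (active && disabled)
            existing["userAccountControl"].IntegerValue = uac & ~ADS_UF_ACCOUNTDISABLE;
    }

    // A deletion in one connected source must not delete the metaverse object; the
    // deprovisioning path in Provision() decides what happens to the other connectors.
    public bool ShouldDeleteFromMV(CSEntry csentry, MVEntry mventry)
    {
        return false;
    }

    // 24 random bytes, Base64-encoded: 32 characters drawn from upper, lower and digit
    // classes, enough for default AD complexity rules. Never logged, never reused.
    static string NewInitialPassword()
    {
        byte[] bytes = new byte[24];
        new RNGCryptoServiceProvider().GetBytes(bytes);
        return Convert.ToBase64String(bytes);
    }
}
```

The extension is compiled into an assembly placed in the Synchronization Engine's Extensions directory and selected as the metaverse rules extension in Identity Manager; it runs inside the sync process, so it can only react to a run profile that imported a change, which is the limitation the post describes.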

This guide describes how to plan and implement a user-based, self-service password change solution using IIS, a Web-based password management application, and WMI. The Step-by-Step document shows how to install, configure, and use IIS, ASP.NET, and the Web-based application.

These documents describe how to plan and implement a user-based, self-service password change solution. The Solution Guide describes how to use Internet Information Services (IIS), ASP.NET, and the Web-based MIIS 2003 Password Management application, in combination, to manage passwords. It discusses how users change passwords using the Web-based application and a Windows Management Instrumentation (WMI) interface. The Step-by-Step document shows how to install, configure, and use IIS, ASP.NET, and the Web-based application. It also offers suggestions for verifying and troubleshooting the solution.
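As an added example, not code from the Web-based MIIS 2003 Password Management application or from the guide: the server-side piece of such a self-service change in C# 2.0, called from an ASP.NET page on IIS, going through the MIIS 2003 WMI provider (namespace root\MicrosoftIdentityIntegrationServer, class MIIS_CSObject, method ChangePassword). The MIIS server name MIIS01, Windows authentication on the IIS site and the application pool identity being a member of the MIISPasswordSet group on the MIIS server are assumptions. The two checks a practitioner should insist on are visible in the code: the target account is derived from the authenticated caller rather than from a form field, and ChangePassword (which makes MIIS verify the old password) is used instead of SetPassword.

```csharp
// Added example, not code from the MIIS 2003 Password Management application or the guide.
// Assumptions: MIIS server MIIS01, Windows authentication in IIS, and an application pool
// identity that is a member of MIISPasswordSet on the MIIS server.
using System;
using System.Management;
using System.Security.Principal;

public static class SelfServicePasswordChange
{
    const string MiisNamespace = @"\\MIIS01\root\MicrosoftIdentityIntegrationServer"; // hypothetical host

    // Changes the caller's own password. Returns the provider's status string
    // ("success" when the change was applied; otherwise an error token from MIIS).
    public static string ChangeOwnPassword(WindowsIdentity caller, string oldPassword, string newPassword)
    {
        if (caller == null || !caller.IsAuthenticated)
            throw new UnauthorizedAccessException("Self-service change requires an authenticated caller");

        // Derive the target account from the authenticated principal, never from a form field:
        // changing someone else's password is a reset and needs its own authorization path.
        string[] parts = caller.Name.Split('\\');   // "FABRIKAM\\jdoe"
        if (parts.Length != 2)
            throw new ArgumentException("Expected a DOMAIN\\account identity");
        string domain = parts[0];
        string account = parts[1];

        ManagementScope scope = new ManagementScope(MiisNamespace);
        scope.Connect();

        // Locate the connector-space object for this AD account. Domain and Account are
        // populated only for an AD MA that has password management enabled.
        string wql = "SELECT * FROM MIIS_CSObject WHERE Domain='" + WqlEscape(domain)
                   + "' AND Account='" + WqlEscape(account) + "'";

        using (ManagementObjectSearcher searcher = new ManagementObjectSearcher(scope, new ObjectQuery(wql)))
        using (ManagementObjectCollection results = searcher.Get())
        {
            foreach (ManagementObject csObject in results)
            {
                using (csObject)
                {
                    // ChangePassword, not SetPassword: MIIS verifies the old password first, which
                    // is what makes this a self-service change rather than an administrative reset.
                    object status = csObject.InvokeMethod("ChangePassword", new object[] { oldPassword, newPassword });
                    return status == null ? "unknown" : status.ToString();
                }
            }
        }
        return "account-not-found";
    }

    // Escape the two characters that can end or alter a WQL string literal so an account name
    // containing ' or \ cannot change the shape of the query (the WMI analogue of SQL injection).
    static string WqlEscape(string value)
    {
        return value.Replace("\\", "\\\\").Replace("'", "\\'");
    }
}
```

The page would call ChangeOwnPassword((WindowsIdentity)User.Identity, oldBox.Text, newBox.Text) and show only the returned status; neither password value belongs in a log, the query string or the page's view state. Because the provider is reached over DCOM, the identity the page runs as is the one MIIS authorizes, and MIISPasswordSet is the narrowest group that still permits the call.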

The Microsoft Identity Integration Server 2003 Getting Started Collection is a set of documents designed to walk you through various features of MIIS 2003. The document set is intended as a learning aid for users who would like to learn or expand their MIIS 2003 skills. Each document in the Getting Started Collection explains a group of features or some functionality of MIIS 2003 in a simplified environment, designed to help you become familiar with MIIS 2003 and its features in a time-efficient manner. After reviewing and using the documents in the Getting Started Collection you should feel more comfortable with the identity features presented in MIIS 2003. We hope you find this document useful. If you would like to discuss the content of this document or if you have any questions, feel free to post a message on the MIIS TechNet Forum at http://go.microsoft.com/fwlink/?linkid=68184 (Version 1.2).

Early-Adopter Program for MIIS 2003 SP2 with the Management Agent for SAP now OPEN!!!

I am writing to announce that MIIS 2003 SP2 and the Management Agent for SAP are available now to MIIS 2003 SP2 Early-Adopter Program participants.

A list of what’s new in this release is provided below.

Our Early-Adopter Program actually incorporates a Supported Technology Adopter Program (the "TAP") and an Unsupported Beta Program. It provides access to both MIIS 2003 SP2 and the new Management Agent for SAP; the Management Agent for SAP requires MIIS 2003 SP2. Customers accepted into the TAP will enjoy free support through the migration to MIIS 2003 SP2, as well as the opportunity to provide feedback to improve the quality of the release. This is a valuable opportunity to reduce your risk and deployment time for an upgrade that requires moving your MIIS production database onto SQL Server 2005 and your rule extensions to .NET 2.0. An important requirement for participating in the TAP is a commitment to deploy MIIS 2003 SP2 into production by the end of January 2007. Customers who are not participants in the TAP can still enjoy early access to the release, and will have structured opportunities for feedback. Please read on for details on how to enroll in the program.

For more information, please email miissp2b. We look forward to working with you in the MIIS 2003 SP2 Early-Adopter Program!

MIIS 2003 SP2 Overview

What's new with MIIS 2003 Service Pack 2?

A New Platform
- Option for using SQL Server 2005 as the meta-directory data store
- Rule Extension development in Visual Studio 2005 for execution on .NET 2.0

The MIIS 2003 Design Concepts document set provides discussions and recommended solutions for specific challenges that are encountered during the design phase of MIIS 2003.

You can download the following documents:

MIIS 2003 Design Concepts for Reference Attributes
This document explains how reference attributes are processed by MIIS 2003 for direct attribute mapping scenarios and provides a conceptual explanation of a custom solution for advanced mapped reference attributes. It also includes design recommendations for both direct and advanced mapped attributes.

MIIS 2003 Design Concepts for Correlating Digital Identities
This document discusses considerations for mapping attributes across different identities and configuring joins based on your business requirements. It introduces the concept of a Correlation ID and explains how you can deploy a Correlation ID to establish strong object relationships in your identity integration solution.

MIIS 2003 Design Concepts for Implementing Identity Data Functions
This document introduces identity data functions (IFunctions), a design concept for identity data authoritativeness, discusses possible implementation options, and provides best practice recommendations for IFunctions.

In these documents, you will find detailed discussions of specific challenges that are often encountered during the design of MIIS solutions. These documents present some of the most common design issues that are discussed in newsgroups and in e-mail discussion groups. We hope you find these documents useful. If you would like to discuss the content of a document or if you have any questions, feel free to post a message on the MIIS newsgroup on the Microsoft Web site (http://go.microsoft.com/fwlink/?linkid=45219).

Learn how the Microsoft information technology (IT) department uses Microsoft Identity Integration Server (MIIS) 2003 to empower end users with a self-service identity and access management solution. The solution creates a personalized e-mail address, is user friendly, and provides flexibility for regional naming preferences. At the same time, the solution is robust, handles the complex cases, and enforces compliance with defined conventions for naming accounts. Join this webcast for an exclusive look at how Microsoft determined the business logic and deployed Easy ID in six months.

As identity management and access take center stage in the software arena, Microsoft is developing a service pack for its Identity Integration Server 2003 and a major upgrade, code-named Gemini, due out in 2007. At Tech Ed 2005, Microsoft said it is building out its Microsoft Identity Integration Server (MIIS) platform--formerly known as Microsoft Metadirectory Services (MMS)--to offer improved security and operational efficiencies, better enable online business transactions and help customers meet regulatory requirements such as Sarbanes-Oxley and HIPAA.

In 2006, Microsoft plans to release MIIS SP2, which will bring self-service password reset for end users and a new ERP Management Agent (MA) for integrating SAP and PeopleSoft identity information into MIIS, said Andreas Luther, group product manager for MIIS in Microsoft's Identity and Access Group. MIIS SP1 and Resource Kit v2.0, both released in late 2004, provided password synchronization, a Provisioning Wizard and a basic workflow application that demonstrated how to build workflows in MIIS, according to Microsoft.

Yet that's just the beginning of Microsoft's identity management and access plans, Luther said. Further out, in the Longhorn Server time frame, Microsoft plans to release its Gemini version of MIIS. The upgraded server, slated to come out in 2007, or about three months after Longhorn Server ships, will offer core functionality required for process integration services, including rich workflow, centralized auditing and reporting, codeless provisioning, self-entitlement management and a self-service platform, he said.

The platform allows corporations to manage identity data--such as account information, passwords, configurations and access rights--stored in heterogeneous directory services throughout the enterprise. Microsoft acquired ZoomIT and its metadirectory platform in 1999 and renamed it Microsoft Metadirectory Services. It was released as Microsoft Identity Integration Server 2003 Enterprise Edition in 2003.

Identity management is crucial to enabling B2B transactions between companies and their partners and suppliers. In Microsoft's world, B2B will get a big jump-start later this year with the R2 release of Windows Server 2003, which offers Active Directory Federation Services. MIIS, for instance, will work with the Active Directory Federation Services to enable cross-company identity management and authentication.

"MIIS will offer a complete password management story, with powerful workflow and business process integration," Luther said, adding that there needs to be strong safeguards to protect companies that engage in B2B transactions. "When you federate with partners, you have to manage user accounts. If you create accounts for partners, what if your partner doesn't tell you that an employee leaves?"

The Gemini provisioning capability is an integrated toolset that will manage the life cycle of digital identities and entitlement, Luther said. The enhanced provisioning will offer automated deprovisioning of accounts and centralized auditing of access to resources. He added that the unified Gemini workflow engine and model will enable full workflow support for provisioning and allow for the development of end-user self-service applications.

"It will give you a UI for defining rules when and where entitlements are created, and there's no more coding required," Luther said. "It's ready-to-use, out-of-the-box, self-service and compliance checking." Continue At Source